Skip to main content

How a global or privileged role admin can consent to ShareGate's Microsoft 365 permission scopes

Learn how to consent to the necessary Microsoft 365 permission scopes needed for various operations in ShareGate Migrate and ShareGate Protect

Updated this week

ShareGate requires different permission scopes for a number of its features and applications. This article explains how a global or privileged role admin can consent to these permissions, allowing ShareGate users to benefit from all the features they need from our apps.

For an overview of permission scopes before you start, see ShareGate's Enterprise applications in Microsoft Entra.

You can also review the required permissions in the Microsoft 365 permission scopes required for ShareGate article.

Note: You can revoke these permission scopes at any time after you have consented to them.

Prerequisite

You must have global admin or privileged role admin permissions on the Microsoft 365 tenant to consent to these permission scopes.

How-to

If you're running ShareGate operations with a global or privileged role admin account, you can consent to the required permission scopes you need when you sign in to your tenant through a ShareGate feature.

If you're setting up the necessary permissions on behalf of ShareGate users who lack sufficient permissions to consent to these scopes themselves, you can follow the guides below to grant consent for all the required features through Microsoft 365 sign-in links.

Note: A user with insufficient Microsoft 365 access may receive a link that they can send to you to consent to a specific scope they require. That link will guide you through the consent and access process for that scope only.

ShareGate Migrate

ShareGate Migrate has 4 permission scopes you can consent to. To consent to one or multiple ShareGate Migrate scopes:

  1. Click on the link to the Microsoft sign-in page for the permission scope you want to consent to:

  2. Sign in with your Global or privileged role admin account.

  3. Consent to the permission scope.

Note: The ShareGate migration assessment permission scopes can only be consented to when you sign in to your tenant with a global or privileged role admin account.

The migration assessment is currently only available to select partners.

ShareGate Protect

ShareGate Protect has 4 permission scopes you can consent to. To consent to one or multiple ShareGate Protect scopes:

  1. Click on the link to the Microsoft sign-in page for the permission scope you want to consent to:

  2. Sign in with your Global or privileged role admin account.

  3. Consent to the permission scope.

  4. Once consented, users will need an Assessor role in Entra ID to access ShareGate Protect. To grant that role, see Assign the Assessor role in Entra ID.

Note: When you consent to ShareGate Protect's permission scopes, a crawl of your tenant is initiated to gather the necessary information for your assessment and remediation actions.

Troubleshooting

If you experience an issue consenting to a permission scope, see Troubleshooting permission scope consent issues.

Did this answer your question?